diff --git a/client-setup.sh b/client-setup.sh
new file mode 100644
index 00000000..5801cf79
--- /dev/null
+++ b/client-setup.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# Copyright 2020 - 2022 Crunchy Data Solutions, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script should be run after the operator has been deployed
+PGO_OPERATOR_NAMESPACE="${PGO_OPERATOR_NAMESPACE:-postgres-operator}"
+PGO_USER_ADMIN="${PGO_USER_ADMIN:-pgouser-admin}"
+PGO_CLIENT_VERSION="${PGO_CLIENT_VERSION:-v4.7.7}"
+PGO_CLIENT_URL="https://github.com/CrunchyData/postgres-operator/releases/download/${PGO_CLIENT_VERSION}"
+
+PGO_CMD="${PGO_CMD-kubectl}"
+
+# Checks operating system and determines which binary to download
+UNAME_RESULT=$(uname)
+if [[ "${UNAME_RESULT}" == "Linux" ]]
+then
+ BIN_NAME="pgo"
+elif [[ "${UNAME_RESULT}" == "Darwin" ]]
+then
+ BIN_NAME="pgo-mac"
+else
+ echo "${UNAME_RESULT} is not supported, valid operating systems are: Linux, Darwin"
+ echo "Exiting..."
+ exit 1
+fi
+
+# Creates the output directory for files
+OUTPUT_DIR="${HOME}/.pgo/${PGO_OPERATOR_NAMESPACE}"
+install -d -m a-rwx,u+rwx "${OUTPUT_DIR}"
+
+if [ -f "${OUTPUT_DIR}/pgo" ]
+then
+ echo "pgo Client Binary detected at: ${OUTPUT_DIR}"
+ echo "Updating Binary..."
+fi
+
+echo "Operating System found is ${UNAME_RESULT}..."
+echo "Downloading ${BIN_NAME} version: ${PGO_CLIENT_VERSION}..."
+curl -Lo "${OUTPUT_DIR}/pgo" "${PGO_CLIENT_URL}/${BIN_NAME}"
+chmod +x "${OUTPUT_DIR}/pgo"
+
+
+# Check that the pgouser-admin secret exists
+if [ -z "$($PGO_CMD get secret -n ${PGO_OPERATOR_NAMESPACE} ${PGO_USER_ADMIN})" ]
+then
+ echo "${PGO_USER_ADMIN} Secret not found in namespace: ${PGO_OPERATOR_NAMESPACE}"
+ echo "Please ensure that the PostgreSQL Operator has been installed."
+ echo "Exiting..."
+ exit 1
+fi
+
+# Check that the pgo.tls secret exists
+if [ -z "$($PGO_CMD get secret -n ${PGO_OPERATOR_NAMESPACE} pgo.tls)" ]
+then
+ echo "pgo.tls Secret not found in namespace: ${PGO_OPERATOR_NAMESPACE}"
+ echo "Please ensure that the PostgreSQL Operator has been installed."
+ echo "Exiting..."
+ exit 1
+fi
+
+# Restrict access to the target file before writing
+kubectl_get_private() { touch "$1" && chmod a-rwx,u+rw "$1" && $PGO_CMD get > "$1" "${@:2}"; }
+
+# Use the pgouser-admin secret to generate pgouser file
+kubectl_get_private "${OUTPUT_DIR}/pgouser" secret -n "${PGO_OPERATOR_NAMESPACE}" "${PGO_USER_ADMIN}" \
+ -o 'go-template={{ .data.username | base64decode }}:{{ .data.password | base64decode }}'
+
+# Use the pgo.tls secret to generate the client cert files
+kubectl_get_private "${OUTPUT_DIR}/client.crt" secret -n "${PGO_OPERATOR_NAMESPACE}" pgo.tls -o 'go-template={{ index .data "tls.crt" | base64decode }}'
+kubectl_get_private "${OUTPUT_DIR}/client.key" secret -n "${PGO_OPERATOR_NAMESPACE}" pgo.tls -o 'go-template={{ index .data "tls.key" | base64decode }}'
+
+echo "pgo client files have been generated, please add the following to your bashrc"
+echo "export PATH=${OUTPUT_DIR}:\$PATH"
+echo "export PGOUSER=${OUTPUT_DIR}/pgouser"
+echo "export PGO_CA_CERT=${OUTPUT_DIR}/client.crt"
+echo "export PGO_CLIENT_CERT=${OUTPUT_DIR}/client.crt"
+echo "export PGO_CLIENT_KEY=${OUTPUT_DIR}/client.key"
diff --git a/kustomize/postgres/kustomization.yaml b/kustomize/postgres/kustomization.yaml
index 249b4106..e1ce9015 100644
--- a/kustomize/postgres/kustomization.yaml
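Review bot: The `curl -Lo "${OUTPUT_DIR}/pgo" ...` line fetches a binary with no success check and no integrity check: without `--fail` an HTTP error body is written to `${OUTPUT_DIR}/pgo`, the next line marks it executable, and because the script never sets `-e` a transport failure also falls through to the secret-extraction steps below. Make the fetch fatal, `curl -fLo "${OUTPUT_DIR}/pgo" "${PGO_CLIENT_URL}/${BIN_NAME}" || exit 1`, and verify the file against a pinned digest before the `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  ${OUTPUT_DIR}/pgo" | sha256sum -c -` (`shasum -a 256` on Darwin), since this binary is later run with the operator admin credentials the script writes to `${OUTPUT_DIR}/pgouser`. The two `-z "$($PGO_CMD get secret -n ${PGO_OPERATOR_NAMESPACE} ...)"` checks also leave `${PGO_OPERATOR_NAMESPACE}` and `${PGO_USER_ADMIN}` unquoted, unlike the quoted `kubectl_get_private` calls further down; quoting them keeps the two styles consistent and avoids word-splitting on values taken from the environment.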
+++ b/kustomize/postgres/kustomization.yaml @@ -1,4 +1,4 @@ -namespace: postgres-operator +namespace: moodle resources: - postgres.yaml diff --git a/kustomize/postgres/postgres.yaml b/kustomize/postgres/postgres.yaml index e89bb6b6..99a0b6f7 100644 --- a/kustomize/postgres/postgres.yaml +++ b/kustomize/postgres/postgres.yaml @@ -1,12 +1,13 @@ apiVersion: postgres-operator.crunchydata.com/v1beta1 kind: PostgresCluster metadata: - name: hippo + name: postgres-moodle spec: image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.5-0 postgresVersion: 14 instances: - name: instance1 + replicas: 1 dataVolumeClaimSpec: accessModes: - "ReadWriteOnce" diff --git a/lab6/mysql-configmap.yaml b/lab6/mysql-configmap.yaml new file mode 100644 index 00000000..afcc599e --- /dev/null +++ b/lab6/mysql-configmap.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mysql + labels: + app: mysql + app.kubernetes.io/name: mysql +data: + primary.cnf: | + # Apply this config only on the primary. + [mysqld] + log-bin + default_authentication_plugin=mysql_native_password + replica.cnf: | + # Apply this config only on replicas. + [mysqld] + super-read-only + #default_authentication_plugin=mysql_native_password + diff --git a/lab6/mysql-services.yaml b/lab6/mysql-services.yaml new file mode 100644 index 00000000..bc015066 --- /dev/null +++ b/lab6/mysql-services.yaml 
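Review bot: In the `lab6/mysql-configmap.yaml` hunk, `default_authentication_plugin=mysql_native_password` in `primary.cnf` carries no comment saying why it is set, while the same line is commented out in `replica.cnf`, so the asymmetry reads as accidental. On the `mysql:5.7-debian` image the StatefulSet elsewhere in this diff uses, the native plugin is already the server default, so the line is a no-op there; on an 8.x image it would instead downgrade the default from `caching_sha2_password` to the SHA-1-based native scheme. I would record the reason inline above that line, e.g. `# mysql_native_password kept for client compatibility; drop once clients support caching_sha2_password`, or remove the line if no client depends on it.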
@@ -0,0 +1,32 @@
+# Headless service for stable DNS entries of StatefulSet members.
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql
+ labels:
+ app: mysql
+ app.kubernetes.io/name: mysql
+spec:
+ ports:
+ - name: mysql
+ port: 3306
+ clusterIP: None
+ selector:
+ app: mysql
+---
+# Client service for connecting to any MySQL instance for reads.
+# For writes, you must instead connect to the primary: mysql-0.mysql.
+apiVersion: v1
+kind: Service
+metadata:
+ name: mysql-read
+ labels:
+ app: mysql
+ app.kubernetes.io/name: mysql
+ readonly: "true"
+spec:
+ ports:
+ - name: mysql
+ port: 3306
+ selector:
+ app: mysql
diff --git a/lab6/mysql-sts.yaml b/lab6/mysql-sts.yaml
new file mode 100644
index 00000000..76a83ed9
--- /dev/null
+++ b/lab6/mysql-sts.yaml
@@ -0,0 +1,174 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mysql +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/name: mysql + serviceName: mysql + replicas: 3 + template: + metadata: + labels: + app: mysql + app.kubernetes.io/name: mysql + spec: + initContainers: + - name: init-mysql + image: mysql:5.7-debian + command: + - bash + - "-c" + - | + set -ex + # Generate mysql server-id from pod ordinal index. + [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 + ordinal=${BASH_REMATCH[1]} + echo [mysqld] > /mnt/conf.d/server-id.cnf + # Add an offset to avoid reserved server-id=0 value. + echo server-id=$((100 + $ordinal)) >> /mnt/conf.d/server-id.cnf + # Copy appropriate conf.d files from config-map to emptyDir. + if [[ $ordinal -eq 0 ]]; then + cp /mnt/config-map/primary.cnf /mnt/conf.d/ + else + cp /mnt/config-map/replica.cnf /mnt/conf.d/ + fi + volumeMounts: + - name: conf + mountPath: /mnt/conf.d + - name: config-map + mountPath: /mnt/config-map + - name: clone-mysql + image: gcr.io/google-samples/xtrabackup:1.0 + command: + - bash + - "-c" + - | + set -ex + # Skip the clone if data already exists. + [[ -d /var/lib/mysql/mysql ]] && exit 0 + # Skip the clone on primary (ordinal index 0). + [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 + ordinal=${BASH_REMATCH[1]} + [[ $ordinal -eq 0 ]] && exit 0 + # Clone data from previous peer. + ncat --recv-only mysql-$(($ordinal-1)).mysql 3307 | xbstream -x -C /var/lib/mysql + # Prepare the backup. 
+ xtrabackup --prepare --target-dir=/var/lib/mysql + volumeMounts: + - name: data + mountPath: /var/lib/mysql + subPath: mysql + - name: conf + mountPath: /etc/mysql/conf.d + containers: + - name: mysql + image: mysql:5.7-debian + env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "1" + - name: MYSQL_DATABASE + value: "wordpress" + - name: MYSQL_USER + value: "wordpress" + - name: MYSQL_PASSWORD + value: "wordpress" + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - name: data + mountPath: /var/lib/mysql + subPath: mysql + - name: conf + mountPath: /etc/mysql/conf.d + resources: + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + exec: + command: ["mysqladmin", "ping"] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + exec: + # Check we can execute queries over TCP (skip-networking is off). + command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"] + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + - name: xtrabackup + image: gcr.io/google-samples/xtrabackup:1.0 + ports: + - name: xtrabackup + containerPort: 3307 + command: + - bash + - "-c" + - | + set -ex + cd /var/lib/mysql + + # Determine binlog position of cloned data, if any. + if [[ -f xtrabackup_slave_info && "x$( change_master_to.sql.in + # Ignore xtrabackup_binlog_info in this case (it's useless). + rm -f xtrabackup_slave_info xtrabackup_binlog_info + elif [[ -f xtrabackup_binlog_info ]]; then + # We're cloning directly from primary. Parse binlog position. + [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1 + rm -f xtrabackup_binlog_info xtrabackup_slave_info + echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\ + MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in + fi + + # Check if we need to complete a clone by starting replication. 
+ if [[ -f change_master_to.sql.in ]]; then + echo "Waiting for mysqld to be ready (accepting connections)" + until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done + + echo "Initializing replication from clone position" + mysql -h 127.0.0.1 \ + -e "$( /mnt/conf.d/server-id.cnf + # Add an offset to avoid reserved server-id=0 value. + echo server-id=$((100 + $ordinal)) >> /mnt/conf.d/server-id.cnf + # Copy appropriate conf.d files from config-map to emptyDir. + if [[ $ordinal -eq 0 ]]; then + cp /mnt/config-map/primary.cnf /mnt/conf.d/ + else + cp /mnt/config-map/replica.cnf /mnt/conf.d/ + fi + volumeMounts: + - name: conf + mountPath: /mnt/conf.d + - name: config-map + mountPath: /mnt/config-map + - name: clone-mysql + image: gcr.io/google-samples/xtrabackup:1.0 + command: + - bash + - "-c" + - | + set -ex + # Skip the clone if data already exists. + [[ -d /var/lib/mysql/mysql ]] && exit 0 + # Skip the clone on primary (ordinal index 0). + [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 + ordinal=${BASH_REMATCH[1]} + [[ $ordinal -eq 0 ]] && exit 0 + # Clone data from previous peer. + ncat --recv-only mysql-$(($ordinal-1)).mysql 3307 | xbstream -x -C /var/lib/mysql + # Prepare the backup. + xtrabackup --prepare --target-dir=/var/lib/mysql + volumeMounts: + - name: data + mountPath: /var/lib/mysql + subPath: mysql + - name: conf + mountPath: /etc/mysql/conf.d + containers: + - name: mysql + image: mysql:debian + env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "1" + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - name: data + mountPath: /var/lib/mysql + subPath: mysql + - name: conf + mountPath: /etc/mysql/conf.d + resources: + requests: + cpu: 500m + memory: 1Gi + livenessProbe: + exec: + command: ["mysqladmin", "ping"] + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + exec: + # Check we can execute queries over TCP (skip-networking is off). 
+ command: ["mysql", "-h", "127.0.0.1", "-e", "SELECT 1"] + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + - name: xtrabackup + image: gcr.io/google-samples/xtrabackup:1.0 + ports: + - name: xtrabackup + containerPort: 3307 + command: + - bash + - "-c" + - | + set -ex + cd /var/lib/mysql + + # Determine binlog position of cloned data, if any. + if [[ -f xtrabackup_slave_info && "x$( change_master_to.sql.in + # Ignore xtrabackup_binlog_info in this case (it's useless). + rm -f xtrabackup_slave_info xtrabackup_binlog_info + elif [[ -f xtrabackup_binlog_info ]]; then + # We're cloning directly from primary. Parse binlog position. + [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1 + rm -f xtrabackup_binlog_info xtrabackup_slave_info + echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\ + MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in + fi + + # Check if we need to complete a clone by starting replication. + if [[ -f change_master_to.sql.in ]]; then + echo "Waiting for mysqld to be ready (accepting connections)" + until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done + + echo "Initializing replication from clone position" + mysql -h 127.0.0.1 \ + -e "$(